<!DOCTYPE html>
<html lang=zh>
<head>
    <!-- so meta -->
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="HandheldFriendly" content="True">
    <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1" />
    <meta name="description" content="Markdown(个人常用)123451.	ctrl + shift + ~		行内代码块2.	ctrl + b				加粗3.	ctrl + 1~6				h1~h64.	ctrl + shift + i		插入图片5.	ctrl + L				选中一行    NetCat工具的常用使用技巧蚁剑&#x2F;Burpsuite 蚁剑文档 Burpsuite在各场景下的抓包应用 Burpsuite 小">
<meta property="og:type" content="article">
<meta property="og:title" content="[脚本小子]常用工具使用教程">
<meta property="og:url" content="https://github.com/TonyD0g/2022/02/23/%E8%84%9A%E6%9C%AC%E5%B0%8F%E5%AD%90%E5%B8%B8%E7%94%A8%E5%B7%A5%E5%85%B7%E4%BD%BF%E7%94%A8%E6%95%99%E7%A8%8B/index.html">
<meta property="og:site_name" content="TonyD0g">
<meta property="og:description" content="Markdown(个人常用)123451.	ctrl + shift + ~		行内代码块2.	ctrl + b				加粗3.	ctrl + 1~6				h1~h64.	ctrl + shift + i		插入图片5.	ctrl + L				选中一行    NetCat工具的常用使用技巧蚁剑&#x2F;Burpsuite 蚁剑文档 Burpsuite在各场景下的抓包应用 Burpsuite 小">
<meta property="og:locale" content="zh_CN">
<meta property="article:published_time" content="2022-02-23T07:23:14.000Z">
<meta property="article:modified_time" content="2023-08-03T07:00:04.697Z">
<meta property="article:author" content="TonyD0g">
<meta property="article:tag" content="脚本小子">
<meta name="twitter:card" content="summary">
    
    
        
          
              <link rel="shortcut icon" href="/images/favicon.ico">
          
        
        
          
            <link rel="icon" type="image/png" href="/images/favicon-192x192.png" sizes="192x192">
          
        
        
          
            <link rel="apple-touch-icon" sizes="180x180" href="/images/apple-touch-icon.png">
          
        
    
    <!-- title -->
    <title>[脚本小子]常用工具使用教程</title>
    <!-- styles -->
    
<link rel="stylesheet" href="/css/style.css">

    <!-- persian styles -->
    
      
<link rel="stylesheet" href="/css/rtl.css">

    
    <!-- rss -->
    
    
<meta name="generator" content="Hexo 4.2.1"></head>

<body class="max-width mx-auto px3 ltr">
    
      <div id="header-post">
  <a id="menu-icon" href="#"><i class="fas fa-bars fa-lg"></i></a>
  <a id="menu-icon-tablet" href="#"><i class="fas fa-bars fa-lg"></i></a>
  <a id="top-icon-tablet" href="#" onclick="$('html, body').animate({ scrollTop: 0 }, 'fast');" style="display:none;"><i class="fas fa-chevron-up fa-lg"></i></a>
  <span id="menu">
    <span id="nav">
      <ul>
         
          <li><a href="/">首页</a></li>
         
          <li><a href="/about/">关于</a></li>
         
          <li><a href="/tags/">标签</a></li>
         
          <li><a href="/friends/">friends</a></li>
         
          <li><a href="/archives/">归档</a></li>
         
          <li><a href="https://github.com/TonyD0g">项目</a></li>
         
          <li><a href="/search/">搜索</a></li>
        
      </ul>
    </span>
    <br/>
    <span id="actions">
      <ul>
        
        <li><a class="icon" href="/2022/03/03/%E5%86%85%E7%BD%91%E5%AE%89%E5%85%A8%E7%90%86%E8%AE%BA%E7%AF%87%E5%86%85%E7%BD%91%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95%E5%9F%BA%E7%A1%80/"><i class="fas fa-chevron-left" aria-hidden="true" onmouseover="$('#i-prev').toggle();" onmouseout="$('#i-prev').toggle();"></i></a></li>
        
        
        <li><a class="icon" href="/2022/01/17/WAF%E7%BB%95%E8%BF%87XSS%E7%AF%87/"><i class="fas fa-chevron-right" aria-hidden="true" onmouseover="$('#i-next').toggle();" onmouseout="$('#i-next').toggle();"></i></a></li>
        
        <li><a class="icon" href="#" onclick="$('html, body').animate({ scrollTop: 0 }, 'fast');"><i class="fas fa-chevron-up" aria-hidden="true" onmouseover="$('#i-top').toggle();" onmouseout="$('#i-top').toggle();"></i></a></li>
        <li><a class="icon" href="#"><i class="fas fa-share-alt" aria-hidden="true" onmouseover="$('#i-share').toggle();" onmouseout="$('#i-share').toggle();" onclick="$('#share').toggle();return false;"></i></a></li>
      </ul>
      <span id="i-prev" class="info" style="display:none;">上一篇</span>
      <span id="i-next" class="info" style="display:none;">下一篇</span>
      <span id="i-top" class="info" style="display:none;">返回顶部</span>
      <span id="i-share" class="info" style="display:none;">分享文章</span>
    </span>
    <br/>
    <div id="share" style="display: none">
      <ul>
  <li><a class="icon" href="http://www.facebook.com/sharer.php?u=https://github.com/TonyD0g/2022/02/23/%E8%84%9A%E6%9C%AC%E5%B0%8F%E5%AD%90%E5%B8%B8%E7%94%A8%E5%B7%A5%E5%85%B7%E4%BD%BF%E7%94%A8%E6%95%99%E7%A8%8B/" target="_blank" rel="noopener"><i class="fab fa-facebook " aria-hidden="true"></i></a></li>
  <li><a class="icon" href="https://twitter.com/share?url=https://github.com/TonyD0g/2022/02/23/%E8%84%9A%E6%9C%AC%E5%B0%8F%E5%AD%90%E5%B8%B8%E7%94%A8%E5%B7%A5%E5%85%B7%E4%BD%BF%E7%94%A8%E6%95%99%E7%A8%8B/&text=[脚本小子]常用工具使用教程" target="_blank" rel="noopener"><i class="fab fa-twitter " aria-hidden="true"></i></a></li>
  <li><a class="icon" href="http://www.linkedin.com/shareArticle?url=https://github.com/TonyD0g/2022/02/23/%E8%84%9A%E6%9C%AC%E5%B0%8F%E5%AD%90%E5%B8%B8%E7%94%A8%E5%B7%A5%E5%85%B7%E4%BD%BF%E7%94%A8%E6%95%99%E7%A8%8B/&title=[脚本小子]常用工具使用教程" target="_blank" rel="noopener"><i class="fab fa-linkedin " aria-hidden="true"></i></a></li>
  <li><a class="icon" href="https://pinterest.com/pin/create/bookmarklet/?url=https://github.com/TonyD0g/2022/02/23/%E8%84%9A%E6%9C%AC%E5%B0%8F%E5%AD%90%E5%B8%B8%E7%94%A8%E5%B7%A5%E5%85%B7%E4%BD%BF%E7%94%A8%E6%95%99%E7%A8%8B/&is_video=false&description=[脚本小子]常用工具使用教程" target="_blank" rel="noopener"><i class="fab fa-pinterest " aria-hidden="true"></i></a></li>
  <li><a class="icon" href="mailto:?subject=[脚本小子]常用工具使用教程&body=Check out this article: https://github.com/TonyD0g/2022/02/23/%E8%84%9A%E6%9C%AC%E5%B0%8F%E5%AD%90%E5%B8%B8%E7%94%A8%E5%B7%A5%E5%85%B7%E4%BD%BF%E7%94%A8%E6%95%99%E7%A8%8B/"><i class="fas fa-envelope " aria-hidden="true"></i></a></li>
  <li><a class="icon" href="https://getpocket.com/save?url=https://github.com/TonyD0g/2022/02/23/%E8%84%9A%E6%9C%AC%E5%B0%8F%E5%AD%90%E5%B8%B8%E7%94%A8%E5%B7%A5%E5%85%B7%E4%BD%BF%E7%94%A8%E6%95%99%E7%A8%8B/&title=[脚本小子]常用工具使用教程" target="_blank" rel="noopener"><i class="fab fa-get-pocket " aria-hidden="true"></i></a></li>
  <li><a class="icon" href="http://reddit.com/submit?url=https://github.com/TonyD0g/2022/02/23/%E8%84%9A%E6%9C%AC%E5%B0%8F%E5%AD%90%E5%B8%B8%E7%94%A8%E5%B7%A5%E5%85%B7%E4%BD%BF%E7%94%A8%E6%95%99%E7%A8%8B/&title=[脚本小子]常用工具使用教程" target="_blank" rel="noopener"><i class="fab fa-reddit " aria-hidden="true"></i></a></li>
  <li><a class="icon" href="http://www.stumbleupon.com/submit?url=https://github.com/TonyD0g/2022/02/23/%E8%84%9A%E6%9C%AC%E5%B0%8F%E5%AD%90%E5%B8%B8%E7%94%A8%E5%B7%A5%E5%85%B7%E4%BD%BF%E7%94%A8%E6%95%99%E7%A8%8B/&title=[脚本小子]常用工具使用教程" target="_blank" rel="noopener"><i class="fab fa-stumbleupon " aria-hidden="true"></i></a></li>
  <li><a class="icon" href="http://digg.com/submit?url=https://github.com/TonyD0g/2022/02/23/%E8%84%9A%E6%9C%AC%E5%B0%8F%E5%AD%90%E5%B8%B8%E7%94%A8%E5%B7%A5%E5%85%B7%E4%BD%BF%E7%94%A8%E6%95%99%E7%A8%8B/&title=[脚本小子]常用工具使用教程" target="_blank" rel="noopener"><i class="fab fa-digg " aria-hidden="true"></i></a></li>
  <li><a class="icon" href="http://www.tumblr.com/share/link?url=https://github.com/TonyD0g/2022/02/23/%E8%84%9A%E6%9C%AC%E5%B0%8F%E5%AD%90%E5%B8%B8%E7%94%A8%E5%B7%A5%E5%85%B7%E4%BD%BF%E7%94%A8%E6%95%99%E7%A8%8B/&name=[脚本小子]常用工具使用教程&description=" target="_blank" rel="noopener"><i class="fab fa-tumblr " aria-hidden="true"></i></a></li>
  <li><a class="icon" href="https://news.ycombinator.com/submitlink?u=https://github.com/TonyD0g/2022/02/23/%E8%84%9A%E6%9C%AC%E5%B0%8F%E5%AD%90%E5%B8%B8%E7%94%A8%E5%B7%A5%E5%85%B7%E4%BD%BF%E7%94%A8%E6%95%99%E7%A8%8B/&t=[脚本小子]常用工具使用教程" target="_blank" rel="noopener"><i class="fab fa-hacker-news " aria-hidden="true"></i></a></li>
</ul>

    </div>
    <div id="toc">
      <ol class="toc"><li class="toc-item toc-level-2"><a class="toc-link" href="#Markdown-个人常用"><span class="toc-number">1.</span> <span class="toc-text">Markdown(个人常用)</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#NetCat工具的常用使用技巧"><span class="toc-number">2.</span> <span class="toc-text">NetCat工具的常用使用技巧</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#蚁剑-Burpsuite"><span class="toc-number">3.</span> <span class="toc-text">蚁剑&#x2F;Burpsuite</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#免费代理源"><span class="toc-number">4.</span> <span class="toc-text">免费代理源</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#SQLmap"><span class="toc-number">5.</span> <span class="toc-text">SQLmap</span></a><ol class="toc-child"><li class="toc-item toc-level-3"><a class="toc-link" href="#SQLmap-tips"><span class="toc-number">5.1.</span> <span class="toc-text">SQLmap tips</span></a></li></ol></li><li class="toc-item toc-level-2"><a class="toc-link" href="#利用cmd搜索文件"><span class="toc-number">6.</span> <span class="toc-text">利用cmd搜索文件</span></a></li></ol>
    </div>
  </span>
</div>

    
    <div class="content index py4">
        
        <article class="post" itemscope itemtype="http://schema.org/BlogPosting">
  <header>
    
    <h1 class="posttitle" itemprop="name headline">
        [脚本小子]常用工具使用教程
    </h1>



    <div class="meta">
      <span class="author" itemprop="author" itemscope itemtype="http://schema.org/Person">
        <span itemprop="name">TonyD0g</span>
      </span>
      
    <div class="postdate">
      
        <time datetime="2022-02-23T07:23:14.000Z" itemprop="datePublished">2022-02-23</time>
        
        (Updated: <time datetime="2023-08-03T07:00:04.697Z" itemprop="dateModified">2023-08-03</time>)
        
      
    </div>


      

      
    <div class="article-tag">
        <i class="fas fa-tag"></i>
        <a class="tag-link" href="/tags/%E8%84%9A%E6%9C%AC%E5%B0%8F%E5%AD%90/" rel="tag">脚本小子</a>
    </div>


    </div>
  </header>
  

  <div class="content" itemprop="articleBody">
    <a id="more"></a>



<h2 id="Markdown-个人常用"><a href="#Markdown-个人常用" class="headerlink" title="Markdown(个人常用)"></a>Markdown(个人常用)</h2><figure class="highlight md"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line"><span class="bullet">1.	</span>ctrl + shift + ~		行内代码块</span><br><span class="line"><span class="bullet">2.	</span>ctrl + b				加粗</span><br><span class="line"><span class="bullet">3.	</span>ctrl + 1~6				h1~h6</span><br><span class="line"><span class="bullet">4.	</span>ctrl + shift + i		插入图片</span><br><span class="line"><span class="bullet">5.	</span>ctrl + L				选中一行</span><br></pre></td></tr></table></figure>



<h2 id="NetCat工具的常用使用技巧"><a href="#NetCat工具的常用使用技巧" class="headerlink" title="NetCat工具的常用使用技巧"></a><a href="https://www.cnblogs.com/LyShark/p/12302379.html" target="_blank" rel="noopener">NetCat工具的常用使用技巧</a></h2><h2 id="蚁剑-Burpsuite"><a href="#蚁剑-Burpsuite" class="headerlink" title="蚁剑/Burpsuite"></a>蚁剑/Burpsuite</h2><ul>
<li><a href="https://www.yuque.com/antswordproject/antsword/pgxa1h" target="_blank" rel="noopener">蚁剑文档</a></li>
<li><a href="https://xz.aliyun.com/t/9425#toc-11" target="_blank" rel="noopener">Burpsuite在各场景下的抓包应用</a></li>
<li><a href="https://xz.aliyun.com/t/11132" target="_blank" rel="noopener">Burpsuite 小tips</a></li>
</ul>
<h2 id="免费代理源"><a href="#免费代理源" class="headerlink" title="免费代理源"></a>免费代理源</h2><ul>
<li>1.站大爷：<a href="https://www.zdaye.com/dayProxy.html" target="_blank" rel="noopener">https://www.zdaye.com/dayProxy.html</a> 前两篇文章里，几乎都可用，质量高</li>
<li>2.无忧代理：<a href="https://www.data5u.com/" target="_blank" rel="noopener">https://www.data5u.com/</a> 首页更新20个，响应比较慢，但基本可用。</li>
<li>3.全球免费代理IP库：<a href="https://ip.jiangxianli.com/" target="_blank" rel="noopener">https://ip.jiangxianli.com/</a> 首页更新，在存活期间的一般可用</li>
<li>4.齐云代理  <a href="https://proxy.ip3366.net/free/" target="_blank" rel="noopener">https://proxy.ip3366.net/free/</a></li>
<li>5.ip3366：<a href="http://www.ip3366.net/" target="_blank" rel="noopener">http://www.ip3366.net/</a> 首页更新10个，未发现可用</li>
</ul>
<h2 id="SQLmap"><a href="#SQLmap" class="headerlink" title="SQLmap"></a>SQLmap</h2><font size=4 >

<!-- more -->

<p><strong>常用指令:</strong></p>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">https:&#x2F;&#x2F;my.oschina.net&#x2F;u&#x2F;4352543&#x2F;blog&#x2F;3551039</span><br></pre></td></tr></table></figure>

<p><strong>用法大全:</strong></p>
<ul>
<li>选项:</li>
</ul>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line">用法：python sqlmap.py [选项]</span><br><span class="line"></span><br><span class="line">选项：</span><br><span class="line">  -h, --help            显示基本帮助信息并退出</span><br><span class="line">  -hh                   显示高级帮助信息并退出</span><br><span class="line">  --version             显示程序版本信息并退出</span><br><span class="line">  -v VERBOSE            输出信息详细程度级别：0-6（默认为 1）</span><br></pre></td></tr></table></figure>

<ul>
<li>目标</li>
</ul>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br></pre></td><td class="code"><pre><span class="line">目标：</span><br><span class="line">  至少提供一个以下选项以指定目标</span><br><span class="line"></span><br><span class="line">  -d DIRECT           直接连接数据库</span><br><span class="line">  -u URL, --url&#x3D;URL   目标 URL（例如：&quot;http:&#x2F;&#x2F;www.site.com&#x2F;vuln.php?id&#x3D;1&quot;）</span><br><span class="line">  -l LOGFILE          从 Burp 或 WebScarab 代理的日志文件中解析目标地址</span><br><span class="line">  -m BULKFILE         从文本文件中获取批量目标</span><br><span class="line">  -r REQUESTFILE      从文件中读取 HTTP 请求</span><br><span class="line">  -g GOOGLEDORK       使用 Google dork 结果作为目标</span><br><span class="line">  -c CONFIGFILE       从 INI 配置文件中加载选项</span><br></pre></td></tr></table></figure>

<ul>
<li>请求:</li>
</ul>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br></pre></td><td class="code"><pre><span class="line">请求：</span><br><span class="line">  以下选项可以指定连接目标地址的方式</span><br><span class="line"></span><br><span class="line">  --method&#x3D;METHOD     强制使用提供的 HTTP 方法（例如：PUT）</span><br><span class="line">  --data&#x3D;DATA         使用 POST 发送数据串（例如：&quot;id&#x3D;1&quot;）</span><br><span class="line">  --param-del&#x3D;PARA..  设置参数值分隔符（例如：&amp;）</span><br><span class="line">  --cookie&#x3D;COOKIE     指定 HTTP Cookie（例如：&quot;PHPSESSID&#x3D;a8d127e..&quot;）</span><br><span class="line">  --cookie-del&#x3D;COO..  设置 cookie 分隔符（例如：;）</span><br><span class="line">  --load-cookies&#x3D;L..  指定以 Netscape&#x2F;wget 格式存放 cookies 的文件</span><br><span class="line">  --drop-set-cookie   忽略 HTTP 响应中的 Set-Cookie 参数</span><br><span class="line">  --user-agent&#x3D;AGENT  指定 HTTP User-Agent</span><br><span class="line">  --random-agent      使用随机的 HTTP User-Agent</span><br><span class="line">  --host&#x3D;HOST         指定 HTTP Host</span><br><span class="line">  --referer&#x3D;REFERER   指定 HTTP Referer</span><br><span class="line">  -H HEADER, --hea..  设置额外的 HTTP 头参数（例如：&quot;X-Forwarded-For: 127.0.0.1&quot;）</span><br><span class="line">  --headers&#x3D;HEADERS   设置额外的 HTTP 头参数（例如：&quot;Accept-Language: fr\nETag: 123&quot;）</span><br><span class="line">  --auth-type&#x3D;AUTH..  HTTP 认证方式（Basic，Digest，NTLM 或 PKI）</span><br><span class="line">  --auth-cred&#x3D;AUTH..  HTTP 认证凭证（username:password）</span><br><span class="line">  --auth-file&#x3D;AUTH..  HTTP 认证 PEM 证书&#x2F;私钥文件</span><br><span class="line">  --ignore-code&#x3D;IG..  忽略（有问题的）HTTP 错误码（例如：401）</span><br><span class="line">  --ignore-proxy      忽略系统默认代理设置</span><br><span class="line">  --ignore-redirects  忽略重定向尝试</span><br><span class="line">  --ignore-timeouts   忽略连接超时</span><br><span class="line">  --proxy&#x3D;PROXY       使用代理连接目标 URL</span><br><span class="line">  --proxy-cred&#x3D;PRO..  使用代理进行认证（username:password）</span><br><span class="line">  --proxy-file&#x3D;PRO..  从文件中加载代理列表</span><br><span class="line">  --tor               使用 Tor 匿名网络</span><br><span class="line">  --tor-port&#x3D;TORPORT  设置 Tor 代理端口代替默认端口</span><br><span class="line">  --tor-type&#x3D;TORTYPE  设置 Tor 代理方式（HTTP，SOCKS4 或 SOCKS5（默认））</span><br><span class="line">  --check-tor         检查是否正确使用了 Tor</span><br><span class="line">  --delay&#x3D;DELAY       设置每个 HTTP 请求的延迟秒数</span><br><span class="line">  --timeout&#x3D;TIMEOUT   设置连接响应的有效秒数（默认为 30）</span><br><span class="line">  --retries&#x3D;RETRIES   连接超时时重试次数（默认为 3）</span><br><span class="line">  --randomize&#x3D;RPARAM  随机更改给定的参数值</span><br><span class="line">  --safe-url&#x3D;SAFEURL  测试过程中可频繁访问且合法的 URL 地址（译者注：</span><br><span class="line">                      有些网站在你连续多次访问错误地址时会关闭会话连接，</span><br><span class="line">                      后面的“请求”小节有详细说明）</span><br><span class="line">  --safe-post&#x3D;SAFE..  使用 POST 方法发送合法的数据</span><br><span class="line">  --safe-req&#x3D;SAFER..  从文件中加载合法的 HTTP 请求</span><br><span class="line">  --safe-freq&#x3D;SAFE..  每访问两次给定的合法 URL 才发送一次测试请求</span><br><span class="line">  --skip-urlencode    不对 payload 数据进行 URL 编码</span><br><span class="line">  --csrf-token&#x3D;CSR..  设置网站用来反 CSRF 攻击的 token</span><br><span class="line">  --csrf-url&#x3D;CSRFURL  指定可提取防 CSRF 攻击 token 的 URL</span><br><span class="line">  --force-ssl         强制使用 SSL&#x2F;HTTPS</span><br><span class="line">  --hpp               使用 HTTP 参数污染攻击</span><br><span class="line">  --eval&#x3D;EVALCODE     在发起请求前执行给定的 Python 代码（例如：</span><br><span class="line">                      &quot;import hashlib;id2&#x3D;hashlib.md5(id).hexdigest()&quot;）</span><br></pre></td></tr></table></figure>

<ul>
<li>优化:</li>
</ul>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line">优化：</span><br><span class="line">  以下选项用于优化 sqlmap 性能</span><br><span class="line"></span><br><span class="line">  -o                  开启所有优化开关</span><br><span class="line">  --predict-output    预测常用请求的输出</span><br><span class="line">  --keep-alive        使用持久的 HTTP(S) 连接</span><br><span class="line">  --null-connection   仅获取页面大小而非实际的 HTTP 响应</span><br><span class="line">  --threads&#x3D;THREADS   设置 HTTP(S) 请求并发数最大值（默认为 1）</span><br></pre></td></tr></table></figure>

<ul>
<li>注入:</li>
</ul>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br></pre></td><td class="code"><pre><span class="line">注入：</span><br><span class="line">  以下选项用于指定要测试的参数，</span><br><span class="line">  提供自定义注入 payloads 和篡改参数的脚本</span><br><span class="line"></span><br><span class="line">  -p TESTPARAMETER    指定需要测试的参数</span><br><span class="line">  --skip&#x3D;SKIP         指定要跳过的参数</span><br><span class="line">  --skip-static       指定跳过非动态参数</span><br><span class="line">  --param-exclude&#x3D;..  用正则表达式排除参数（例如：&quot;ses&quot;）</span><br><span class="line">  --dbms&#x3D;DBMS         指定后端 DBMS（Database Management System，</span><br><span class="line">                      数据库管理系统）类型（例如：MySQL）</span><br><span class="line">  --dbms-cred&#x3D;DBMS..  DBMS 认证凭据（username:password）</span><br><span class="line">  --os&#x3D;OS             指定后端 DBMS 的操作系统类型</span><br><span class="line">  --invalid-bignum    将无效值设置为大数</span><br><span class="line">  --invalid-logical   对无效值使用逻辑运算</span><br><span class="line">  --invalid-string    对无效值使用随机字符串</span><br><span class="line">  --no-cast           关闭 payload 构造机制</span><br><span class="line">  --no-escape         关闭字符串转义机制</span><br><span class="line">  --prefix&#x3D;PREFIX     注入 payload 的前缀字符串</span><br><span class="line">  --suffix&#x3D;SUFFIX     注入 payload 的后缀字符串</span><br><span class="line">  --tamper&#x3D;TAMPER     用给定脚本修改注入数据</span><br></pre></td></tr></table></figure>

<ul>
<li>检测:</li>
</ul>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br></pre></td><td class="code"><pre><span class="line">检测：</span><br><span class="line">  以下选项用于自定义检测方式</span><br><span class="line"></span><br><span class="line">  --level&#x3D;LEVEL       设置测试等级（1-5，默认为 1）</span><br><span class="line">  --risk&#x3D;RISK         设置测试风险等级（1-3，默认为 1）</span><br><span class="line">  --string&#x3D;STRING     用于确定查询结果为真时的字符串</span><br><span class="line">  --not-string&#x3D;NOT..  用于确定查询结果为假时的字符串</span><br><span class="line">  --regexp&#x3D;REGEXP     用于确定查询结果为真时的正则表达式</span><br><span class="line">  --code&#x3D;CODE         用于确定查询结果为真时的 HTTP 状态码</span><br><span class="line">  --text-only         只根据页面文本内容对比页面</span><br><span class="line">  --titles            只根据页面标题对比页面</span><br></pre></td></tr></table></figure>

<ul>
<li>技术:</li>
</ul>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br></pre></td><td class="code"><pre><span class="line">技术：</span><br><span class="line">  以下选项用于调整特定 SQL 注入技术的测试方法</span><br><span class="line"></span><br><span class="line">  --technique&#x3D;TECH    使用的 SQL 注入技术（默认为“BEUSTQ”，译者注：</span><br><span class="line">                      B: Boolean-based blind SQL injection（布尔型盲注）</span><br><span class="line">                      E: Error-based SQL injection（报错型注入）</span><br><span class="line">                      U: UNION query SQL injection（联合查询注入）</span><br><span class="line">                      S: Stacked queries SQL injection（堆叠查询注入）</span><br><span class="line">                      T: Time-based blind SQL injection（时间型盲注）</span><br><span class="line">                      Q: inline Query injection（内联查询注入）</span><br><span class="line">  --time-sec&#x3D;TIMESEC  延迟 DBMS 的响应秒数（默认为 5）</span><br><span class="line">  --union-cols&#x3D;UCOLS  设置联合查询注入测试的列数目范围</span><br><span class="line">  --union-char&#x3D;UCHAR  用于暴力猜解列数的字符</span><br><span class="line">  --union-from&#x3D;UFROM  设置联合查询注入 FROM 处用到的表</span><br><span class="line">  --dns-domain&#x3D;DNS..  设置用于 DNS 渗出攻击的域名（译者注：</span><br><span class="line">                      推荐阅读《在SQL注入中使用DNS获取数据》</span><br><span class="line">                      http:&#x2F;&#x2F;cb.drops.wiki&#x2F;drops&#x2F;tips-5283.html，</span><br><span class="line">                      在后面的“技术”小节中也有相应解释）</span><br><span class="line">  --second-url&#x3D;SEC..  设置二阶响应的结果显示页面的 URL（译者注：</span><br><span class="line">                      该选项用于 SQL 二阶注入）</span><br><span class="line">  --second-req&#x3D;SEC..  从文件读取 HTTP 二阶请求</span><br></pre></td></tr></table></figure>

<ul>
<li>指纹识别:</li>
</ul>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">指纹识别：</span><br><span class="line">  -f, --fingerprint   执行广泛的 DBMS 版本指纹识别</span><br></pre></td></tr></table></figure>

<ul>
<li>枚举:</li>
</ul>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br></pre></td><td class="code"><pre><span class="line">枚举：</span><br><span class="line">  以下选项用于获取后端 DBMS 的信息，结构和数据表中的数据。</span><br><span class="line">  此外，还可以运行你输入的 SQL 语句</span><br><span class="line"></span><br><span class="line">  -a, --all           获取所有信息、数据</span><br><span class="line">  -b, --banner        获取 DBMS banner</span><br><span class="line">  --current-user      获取 DBMS 当前用户</span><br><span class="line">  --current-db        获取 DBMS 当前数据库</span><br><span class="line">  --hostname          获取 DBMS 服务器的主机名</span><br><span class="line">  --is-dba            探测 DBMS 当前用户是否为 DBA（数据库管理员）</span><br><span class="line">  --users             枚举出 DBMS 所有用户</span><br><span class="line">  --passwords         枚举出 DBMS 所有用户的密码哈希</span><br><span class="line">  --privileges        枚举出 DBMS 所有用户特权级</span><br><span class="line">  --roles             枚举出 DBMS 所有用户角色</span><br><span class="line">  --dbs               枚举出 DBMS 所有数据库</span><br><span class="line">  --tables            枚举出 DBMS 数据库中的所有表</span><br><span class="line">  --columns           枚举出 DBMS 表中的所有列</span><br><span class="line">  --schema            枚举出 DBMS 所有模式</span><br><span class="line">  --count             获取数据表数目</span><br><span class="line">  --dump              导出 DBMS 数据库表项</span><br><span class="line">  --dump-all          导出所有 DBMS 数据库表项</span><br><span class="line">  --search            搜索列，表和&#x2F;或数据库名</span><br><span class="line">  --comments          枚举数据时检查 DBMS 注释</span><br><span class="line">  -D DB               指定要枚举的 DBMS 数据库</span><br><span class="line">  -T TBL              指定要枚举的 DBMS 数据表</span><br><span class="line">  -C COL              指定要枚举的 DBMS 数据列</span><br><span class="line">  -X EXCLUDE          指定不枚举的 DBMS 标识符</span><br><span class="line">  -U USER             指定枚举的 DBMS 用户</span><br><span class="line">  --exclude-sysdbs    枚举所有数据表时，指定排除特定系统数据库</span><br><span class="line">  --pivot-column&#x3D;P..  指定主列</span><br><span class="line">  --where&#x3D;DUMPWHERE   在转储表时使用 WHERE 条件语句</span><br><span class="line">  --start&#x3D;LIMITSTART  指定要导出的数据表条目开始行数</span><br><span class="line">  --stop&#x3D;LIMITSTOP    指定要导出的数据表条目结束行数</span><br><span class="line">  --first&#x3D;FIRSTCHAR   指定获取返回查询结果的开始字符位</span><br><span class="line">  --last&#x3D;LASTCHAR     指定获取返回查询结果的结束字符位</span><br><span class="line">  --sql-query&#x3D;QUERY   指定要执行的 SQL 语句</span><br><span class="line">  --sql-shell         调出交互式 SQL shell</span><br><span class="line">  --sql-file&#x3D;SQLFILE  执行文件中的 SQL 语句</span><br></pre></td></tr></table></figure>

<ul>
<li>暴力破解:</li>
</ul>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br></pre></td><td class="code"><pre><span class="line">暴力破解：</span><br><span class="line">  以下选项用于暴力破解测试</span><br><span class="line"></span><br><span class="line">  --common-tables     检测常见的表名是否存在</span><br><span class="line">  --common-columns    检测常用的列名是否存在</span><br><span class="line"></span><br><span class="line">用户自定义函数注入：</span><br><span class="line">  以下选项用于创建用户自定义函数</span><br><span class="line"></span><br><span class="line">  --udf-inject        注入用户自定义函数</span><br><span class="line">  --shared-lib&#x3D;SHLIB  共享库的本地路径</span><br></pre></td></tr></table></figure>

<ul>
<li>通用选项:</li>
</ul>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br></pre></td><td class="code"><pre><span class="line">通用选项：</span><br><span class="line">  以下选项用于设置通用的参数</span><br><span class="line"></span><br><span class="line">  -s SESSIONFILE      从文件（.sqlite）中读入会话信息</span><br><span class="line">  -t TRAFFICFILE      保存所有 HTTP 流量记录到指定文本文件</span><br><span class="line">  --answers&#x3D;ANSWERS   预设回答（例如：&quot;quit&#x3D;N,follow&#x3D;N&quot;）</span><br><span class="line">  --base64&#x3D;BASE64P..  表明参数包含 Base64 编码的数据</span><br><span class="line">  --batch             从不询问用户输入，使用默认配置</span><br><span class="line">  --binary-fields&#x3D;..  具有二进制值的结果字段（例如：&quot;digest&quot;）</span><br><span class="line">  --check-internet    在访问目标之前检查是否正常连接互联网</span><br><span class="line">  --crawl&#x3D;CRAWLDEPTH  从目标 URL 开始爬取网站</span><br><span class="line">  --crawl-exclude&#x3D;..  用正则表达式筛选爬取的页面（例如：&quot;logout&quot;）</span><br><span class="line">  --csv-del&#x3D;CSVDEL    指定输出到 CVS 文件时使用的分隔符（默认为“,”）</span><br><span class="line">  --charset&#x3D;CHARSET   指定 SQL 盲注字符集（例如：&quot;0123456789abcdef&quot;）</span><br><span class="line">  --dump-format&#x3D;DU..  导出数据的格式（CSV（默认），HTML 或 SQLITE）</span><br><span class="line">  --encoding&#x3D;ENCOD..  指定获取数据时使用的字符编码（例如：GBK）</span><br><span class="line">  --eta               显示每个结果输出的预计到达时间</span><br><span class="line">  --flush-session     清空当前目标的会话文件</span><br><span class="line">  --forms             解析并测试目标 URL 的表单</span><br><span class="line">  --fresh-queries     忽略存储在会话文件中的查询结果</span><br><span class="line">  --har&#x3D;HARFILE       将所有 HTTP 流量记录到一个 HAR 文件中</span><br><span class="line">  --hex               获取数据时使用 hex 转换</span><br><span class="line">  --output-dir&#x3D;OUT..  自定义输出目录路径</span><br><span class="line">  --parse-errors      从响应中解析并显示 DBMS 错误信息</span><br><span class="line">  --preprocess&#x3D;PRE..  使用给定脚本预处理响应数据</span><br><span class="line">  --repair            重新导出具有未知字符的数据（?）</span><br><span class="line">  --save&#x3D;SAVECONFIG   将选项设置保存到一个 INI 配置文件</span><br><span class="line">  --scope&#x3D;SCOPE       用正则表达式从提供的代理日志中过滤目标</span><br><span class="line">  --test-filter&#x3D;TE..  根据 payloads 和&#x2F;或标题（例如：ROW）选择测试</span><br><span class="line">  --test-skip&#x3D;TEST..  根据 payloads 和&#x2F;或标题（例如：BENCHMARK）跳过部分测试</span><br><span class="line">  --update            更新 sqlmap</span><br></pre></td></tr></table></figure>

<ul>
<li>杂项(不常用):</li>
</ul>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br></pre></td><td class="code"><pre><span class="line">杂项：</span><br><span class="line">  -z MNEMONICS        使用短助记符（例如：“flu,bat,ban,tec&#x3D;EU”）</span><br><span class="line">  --alert&#x3D;ALERT       在找到 SQL 注入时运行 OS 命令</span><br><span class="line">  --beep              出现问题提醒或在发现 SQL 注入时发出提示音</span><br><span class="line">  --cleanup           指定移除 DBMS 中的特定的 UDF 或者数据表</span><br><span class="line">  --dependencies      检查 sqlmap 缺少（可选）的依赖</span><br><span class="line">  --disable-coloring  关闭彩色控制台输出</span><br><span class="line">  --gpage&#x3D;GOOGLEPAGE  指定页码使用 Google dork 结果</span><br><span class="line">  --identify-waf      针对 WAF&#x2F;IPS 防护进行彻底的测试</span><br><span class="line">  --mobile            使用 HTTP User-Agent 模仿智能手机</span><br><span class="line">  --offline           在离线模式下工作（仅使用会话数据）</span><br><span class="line">  --purge             安全删除 sqlmap data 目录所有内容</span><br><span class="line">  --skip-waf          跳过启发式检测 WAF&#x2F;IPS 防护</span><br><span class="line">  --smart             只有在使用启发式检测时才进行彻底的测试</span><br><span class="line">  --sqlmap-shell      调出交互式 sqlmap shell</span><br><span class="line">  --tmp-dir&#x3D;TMPDIR    指定用于存储临时文件的本地目录</span><br><span class="line">  --web-root&#x3D;WEBROOT  指定 Web 服务器根目录（例如：&quot;&#x2F;var&#x2F;www&quot;）</span><br><span class="line">  --wizard            适合初级用户的向导界面</span><br><span class="line">  访问文件系统：</span><br><span class="line">  以下选项用于访问后端 DBMS 的底层文件系统</span><br><span class="line"></span><br><span class="line">  --file-read&#x3D;FILE..  读取后端 DBMS 文件系统中的文件</span><br><span class="line">  --file-write&#x3D;FIL..  写入到后端 DBMS 文件系统中的文件</span><br><span class="line">  --file-dest&#x3D;FILE..  使用绝对路径写入到后端 DBMS 中的文件</span><br><span class="line"></span><br><span class="line">访问操作系统：</span><br><span class="line">  以下选项用于访问后端 DBMS 的底层操作系统</span><br><span class="line"></span><br><span class="line">  --os-cmd&#x3D;OSCMD      执行操作系统命令</span><br><span class="line">  --os-shell          调出交互式操作系统 shell</span><br><span class="line">  --os-pwn            调出 OOB shell，Meterpreter 或 VNC</span><br><span class="line">  --os-smbrelay       一键调出 OOB shell，Meterpreter 或 VNC</span><br><span class="line">  --os-bof            利用存储过程的缓冲区溢出</span><br><span class="line">  --priv-esc          数据库进程用户提权</span><br><span class="line">  --msf-path&#x3D;MSFPATH  Metasploit 框架的本地安装路径</span><br><span class="line">  --tmp-path&#x3D;TMPPATH  远程临时文件目录的绝对路径</span><br><span class="line"></span><br><span class="line">访问 Windows 注册表：</span><br><span class="line">  以下选项用于访问后端 DBMS 的 Windows 注册表</span><br><span class="line"></span><br><span class="line">  --reg-read          读取一个 Windows 注册表键值</span><br><span class="line">  --reg-add           写入一个 Windows 注册表键值数据</span><br><span class="line">  --reg-del           删除一个 Windows 注册表键值</span><br><span class="line">  --reg-key&#x3D;REGKEY    指定 Windows 注册表键</span><br><span class="line">  --reg-value&#x3D;REGVAL  指定 Windows 注册表键值</span><br><span class="line">  --reg-data&#x3D;REGDATA  指定 Windows 注册表键值数据</span><br><span class="line">  --reg-type&#x3D;REGTYPE  指定 Windows 注册表键值类型</span><br></pre></td></tr></table></figure>

<p><br></br></p>
<p><strong>各个选项的详解:</strong></p>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">https:&#x2F;&#x2F;blog.csdn.net&#x2F;wn314&#x2F;article&#x2F;details&#x2F;78872828</span><br></pre></td></tr></table></figure>



<h3 id="SQLmap-tips"><a href="#SQLmap-tips" class="headerlink" title="SQLmap tips"></a><strong>SQLmap tips</strong></h3><p><strong>1.让 Sqlmap 支持 json 函数报错注入</strong></p>
<figure class="highlight xml"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br></pre></td><td class="code"><pre><span class="line"><span class="tag">&lt;<span class="name">test</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">title</span>&gt;</span>MySQL &gt;= 5.7.8 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (JSON_KEYS FUNCTION)<span class="tag">&lt;/<span class="name">title</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">stype</span>&gt;</span>2<span class="tag">&lt;/<span class="name">stype</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">level</span>&gt;</span>1<span class="tag">&lt;/<span class="name">level</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">risk</span>&gt;</span>0<span class="tag">&lt;/<span class="name">risk</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">clause</span>&gt;</span>1,2,3<span class="tag">&lt;/<span class="name">clause</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">where</span>&gt;</span>1<span class="tag">&lt;/<span class="name">where</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">vector</span>&gt;</span>AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT('[DELIMITER_START]',(SELECT (MAKE_SET([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'))USING UTF8)))<span class="tag">&lt;/<span class="name">vector</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">request</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">payload</span>&gt;</span>AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT('[DELIMITER_START]',(SELECT (MAKE_SET([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'))USING UTF8)))<span class="tag">&lt;/<span class="name">payload</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;/<span class="name">request</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">response</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">grep</span>&gt;</span>DELIMITER_START[DELIMITER_STOP]<span class="tag">&lt;/<span class="name">grep</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;/<span class="name">response</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">details</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">dbms</span>&gt;</span>MySQL<span class="tag">&lt;/<span class="name">dbms</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">dbms_version</span>&gt;</span>&gt;= 5.7<span class="tag">&lt;/<span class="name">dbms_version</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;/<span class="name">details</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;/<span class="name">test</span>&gt;</span></span><br></pre></td></tr></table></figure>

<p><strong>2.使用 sqlmap 的 osshell 不出现盘符的解决办法</strong></p>
<p>Sqlmap 添加 –proxy 参数，用Bp抓包</p>
<p>Bp把 16 进制转换成字符串改动以后，再把字符串转成 16 进制是不行的</p>
<p>所以只需要用Bp把路径那里的 16 进制改下就行，添加一个 <code>&quot;f:&quot;</code>的16 进制<code>&quot;663a&quot;</code>，然后改包过去</p>
<p><strong>3.修改 / 添加 sqlmap 的 xml 文件语句自定义 payload</strong></p>
<p><strong>注意事项：</strong></p>
<p>[1] table 和 colums 在 mysql 中是特殊字符<br>[2] 反引号是 sql 语言的转义字符<br>[3] 在 mysql 中的 sql 语句为了避免与系统冲突给表名加上反引号 ，（但在指定其他数据库时不能加，否则会被认作是表）</p>
<p>如：</p>
<figure class="highlight php"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">information_schema.tables 改为 information_schema.`tables`</span><br></pre></td></tr></table></figure>



<p>修改 / 添加 sqlmap 的 xml 文件语句来自定义 payload 。需要找到对应的 xml 文件，然后修改 xml 文件中的语句。</p>
<p>查询语句在 <code>\sqlmap\data\xml\ queries.xml</code>定义，若想自定义查询语句则只需要修改 / 添加想要执行的查询语句即可，如上边对<br>INFORMATION_SCHEMA. `TABLES` 的修改</p>
<p>不同的注入方式使用的语句则需要在对应的注入方式中的 xml 语句进行修改，在 <code>\sqlmap\data\xml\payloads\</code> 文件下</p>
<hr>
<h2 id="利用cmd搜索文件"><a href="#利用cmd搜索文件" class="headerlink" title="利用cmd搜索文件"></a>利用cmd搜索文件</h2><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br><span class="line">57</span><br><span class="line">58</span><br><span class="line">59</span><br><span class="line">60</span><br><span class="line">61</span><br><span class="line">62</span><br><span class="line">63</span><br><span class="line">64</span><br><span class="line">65</span><br><span class="line">66</span><br><span class="line">67</span><br></pre></td><td class="code"><pre><span class="line">@<span class="built_in">echo</span> off&amp; setlocal enabledelayedexpansion</span><br><span class="line">rem +++++++++++++++++++++++++++++++++++++++++++</span><br><span class="line">rem   search.bat</span><br><span class="line">rem          By xxxx 2022-06-06</span><br><span class="line">rem</span><br><span class="line">rem            Version: 1.1</span><br><span class="line">rem +++++++++++++++++++++++++++++++++++++++++++</span><br><span class="line"><span class="built_in">set</span> stime=%time:~0,2%%time:~3,2%%time:~6,2%</span><br><span class="line"><span class="keyword">if</span> <span class="string">"%stime:~0,1%"</span>==<span class="string">" "</span> <span class="built_in">set</span> <span class="string">"stime=0%stime:~1%"</span></span><br><span class="line"> </span><br><span class="line"><span class="keyword">if</span> <span class="string">"%1"</span> equ <span class="string">""</span> (</span><br><span class="line">    <span class="built_in">echo</span> 命令语法不正确。使用/?查看帮助</span><br><span class="line">    goto <span class="built_in">exit</span></span><br><span class="line">)</span><br><span class="line"><span class="keyword">if</span> <span class="string">"%1"</span> equ <span class="string">"/?"</span> (</span><br><span class="line">    <span class="built_in">echo</span> 全盘搜索文件/文件夹或者遍历目录。</span><br><span class="line">	<span class="built_in">echo</span>.</span><br><span class="line">    <span class="built_in">echo</span> SEARCH ^[file^]^[folder^]^[path^] ^[/V^]</span><br><span class="line">	<span class="built_in">echo</span>.</span><br><span class="line">	<span class="built_in">echo</span>   ^[file^]^[folder^]^[path^]</span><br><span class="line">	<span class="built_in">echo</span> 	指定要列出的文件、文件夹或目录列表。</span><br><span class="line">	<span class="built_in">echo</span>.</span><br><span class="line">	<span class="built_in">echo</span>   ^[/V^]</span><br><span class="line">	<span class="built_in">echo</span> 	查找相关字符串</span><br><span class="line">    goto <span class="built_in">exit</span></span><br><span class="line">)</span><br><span class="line"><span class="keyword">if</span> /i <span class="string">"%1"</span> equ <span class="string">"/v"</span> (</span><br><span class="line">	<span class="built_in">echo</span> 模糊查找</span><br><span class="line">    <span class="built_in">set</span> <span class="built_in">pwd</span>=%<span class="built_in">cd</span>%</span><br><span class="line">	<span class="built_in">echo</span>  start searching .....</span><br><span class="line">	<span class="built_in">echo</span>.</span><br><span class="line"> </span><br><span class="line">	<span class="keyword">for</span> %%i <span class="keyword">in</span> (C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ K:\) <span class="keyword">do</span> (</span><br><span class="line">		<span class="keyword">if</span> exist %%i (</span><br><span class="line">			<span class="built_in">echo</span> ■■■■ Searching <span class="keyword">for</span> the %%i disk</span><br><span class="line">			rem <span class="keyword">if</span> exist %%i\nul</span><br><span class="line">			rem <span class="built_in">cd</span> /d %%i\ &amp; dir /S/b <span class="string">"%1"</span> 2&gt;nul</span><br><span class="line">			<span class="built_in">cd</span> /d %%i &amp; dir /S/b |findstr <span class="string">"%2$"</span> &amp; <span class="built_in">echo</span>.</span><br><span class="line">		)</span><br><span class="line">	)</span><br><span class="line">	<span class="built_in">cd</span> /d !<span class="built_in">pwd</span>!</span><br><span class="line">	<span class="built_in">echo</span>. &amp;<span class="built_in">echo</span>. &amp;<span class="built_in">echo</span>.</span><br><span class="line">) <span class="keyword">else</span> (</span><br><span class="line">	<span class="built_in">set</span> <span class="built_in">pwd</span>=%<span class="built_in">cd</span>%</span><br><span class="line">	<span class="built_in">echo</span>  start searching .....</span><br><span class="line">	<span class="built_in">echo</span>.</span><br><span class="line">        </span><br><span class="line">        @rem fsutil fsinfo drives 获得各驱动器盘符</span><br><span class="line">	<span class="keyword">for</span> %%i <span class="keyword">in</span> (C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ K:\) <span class="keyword">do</span> (</span><br><span class="line">		<span class="keyword">if</span> exist %%i (</span><br><span class="line">			<span class="built_in">echo</span> ■■■■ Searching <span class="keyword">for</span> the %%i disk</span><br><span class="line">			rem <span class="keyword">if</span> exist %%i\nul</span><br><span class="line">			rem <span class="built_in">cd</span> /d %%i\ &amp; dir /S/b <span class="string">"%1"</span> 2&gt;nul</span><br><span class="line">			<span class="built_in">cd</span> /d %%i &amp; dir /S/b <span class="string">"%1"</span> &amp; <span class="built_in">echo</span>.</span><br><span class="line">			findstr /s /n <span class="string">"%1"</span> %%i* &amp; <span class="built_in">echo</span>.</span><br><span class="line">		)</span><br><span class="line">	)</span><br><span class="line">	<span class="built_in">cd</span> /d !<span class="built_in">pwd</span>!</span><br><span class="line">	<span class="built_in">echo</span>. &amp;<span class="built_in">echo</span>. &amp;<span class="built_in">echo</span>.</span><br><span class="line">)</span><br><span class="line"> </span><br><span class="line"> </span><br><span class="line"><span class="built_in">set</span> etime=%time:~0,2%%time:~3,2%%time:~6,2%</span><br><span class="line"><span class="keyword">if</span> <span class="string">"%etime:~0,1%"</span>==<span class="string">" "</span> <span class="built_in">set</span> <span class="string">"etime=0%etime:~1%"</span></span><br><span class="line"><span class="built_in">echo</span> 开始时间：%stime%</span><br><span class="line"><span class="built_in">echo</span> 结束时间：%etime%</span><br><span class="line">:<span class="built_in">exit</span></span><br></pre></td></tr></table></figure>



<p><strong>其他资料:</strong></p>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br></pre></td><td class="code"><pre><span class="line">SQLMAP用户手册:</span><br><span class="line">https:&#x2F;&#x2F;sqlmap.kvko.live&#x2F;usage&#x2F;output-verbosity</span><br><span class="line"></span><br><span class="line">SQL注入Wiki:</span><br><span class="line">http:&#x2F;&#x2F;sqlwiki.radare.cn&#x2F;#&#x2F;</span><br><span class="line"></span><br><span class="line">1 让Sqlmap支持json函数报错注入#</span><br><span class="line">2 使用sqlmap的osshell不出现盘符的解决办法#</span><br><span class="line">3 一次注入实战引发的SQLMAP修改之路</span><br></pre></td></tr></table></figure>

</font>


  </div>
</article>



        
          <div id="footer-post-container">
  <div id="footer-post">

    <div id="nav-footer" style="display: none">
      <ul>
         
          <li><a href="/">首页</a></li>
         
          <li><a href="/about/">关于</a></li>
         
          <li><a href="/tags/">标签</a></li>
         
          <li><a href="/friends/">friends</a></li>
         
          <li><a href="/archives/">归档</a></li>
         
          <li><a href="https://github.com/TonyD0g">项目</a></li>
         
          <li><a href="/search/">搜索</a></li>
        
      </ul>
    </div>

    <div id="toc-footer" style="display: none">
      <ol class="toc"><li class="toc-item toc-level-2"><a class="toc-link" href="#Markdown-个人常用"><span class="toc-number">1.</span> <span class="toc-text">Markdown(个人常用)</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#NetCat工具的常用使用技巧"><span class="toc-number">2.</span> <span class="toc-text">NetCat工具的常用使用技巧</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#蚁剑-Burpsuite"><span class="toc-number">3.</span> <span class="toc-text">蚁剑&#x2F;Burpsuite</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#免费代理源"><span class="toc-number">4.</span> <span class="toc-text">免费代理源</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#SQLmap"><span class="toc-number">5.</span> <span class="toc-text">SQLmap</span></a><ol class="toc-child"><li class="toc-item toc-level-3"><a class="toc-link" href="#SQLmap-tips"><span class="toc-number">5.1.</span> <span class="toc-text">SQLmap tips</span></a></li></ol></li><li class="toc-item toc-level-2"><a class="toc-link" href="#利用cmd搜索文件"><span class="toc-number">6.</span> <span class="toc-text">利用cmd搜索文件</span></a></li></ol>
    </div>

    <div id="share-footer" style="display: none">
      <ul>
  <li><a class="icon" href="http://www.facebook.com/sharer.php?u=https://github.com/TonyD0g/2022/02/23/%E8%84%9A%E6%9C%AC%E5%B0%8F%E5%AD%90%E5%B8%B8%E7%94%A8%E5%B7%A5%E5%85%B7%E4%BD%BF%E7%94%A8%E6%95%99%E7%A8%8B/" target="_blank" rel="noopener"><i class="fab fa-facebook fa-lg" aria-hidden="true"></i></a></li>
  <li><a class="icon" href="https://twitter.com/share?url=https://github.com/TonyD0g/2022/02/23/%E8%84%9A%E6%9C%AC%E5%B0%8F%E5%AD%90%E5%B8%B8%E7%94%A8%E5%B7%A5%E5%85%B7%E4%BD%BF%E7%94%A8%E6%95%99%E7%A8%8B/&text=[脚本小子]常用工具使用教程" target="_blank" rel="noopener"><i class="fab fa-twitter fa-lg" aria-hidden="true"></i></a></li>
  <li><a class="icon" href="http://www.linkedin.com/shareArticle?url=https://github.com/TonyD0g/2022/02/23/%E8%84%9A%E6%9C%AC%E5%B0%8F%E5%AD%90%E5%B8%B8%E7%94%A8%E5%B7%A5%E5%85%B7%E4%BD%BF%E7%94%A8%E6%95%99%E7%A8%8B/&title=[脚本小子]常用工具使用教程" target="_blank" rel="noopener"><i class="fab fa-linkedin fa-lg" aria-hidden="true"></i></a></li>
  <li><a class="icon" href="https://pinterest.com/pin/create/bookmarklet/?url=https://github.com/TonyD0g/2022/02/23/%E8%84%9A%E6%9C%AC%E5%B0%8F%E5%AD%90%E5%B8%B8%E7%94%A8%E5%B7%A5%E5%85%B7%E4%BD%BF%E7%94%A8%E6%95%99%E7%A8%8B/&is_video=false&description=[脚本小子]常用工具使用教程" target="_blank" rel="noopener"><i class="fab fa-pinterest fa-lg" aria-hidden="true"></i></a></li>
  <li><a class="icon" href="mailto:?subject=[脚本小子]常用工具使用教程&body=Check out this article: https://github.com/TonyD0g/2022/02/23/%E8%84%9A%E6%9C%AC%E5%B0%8F%E5%AD%90%E5%B8%B8%E7%94%A8%E5%B7%A5%E5%85%B7%E4%BD%BF%E7%94%A8%E6%95%99%E7%A8%8B/"><i class="fas fa-envelope fa-lg" aria-hidden="true"></i></a></li>
  <li><a class="icon" href="https://getpocket.com/save?url=https://github.com/TonyD0g/2022/02/23/%E8%84%9A%E6%9C%AC%E5%B0%8F%E5%AD%90%E5%B8%B8%E7%94%A8%E5%B7%A5%E5%85%B7%E4%BD%BF%E7%94%A8%E6%95%99%E7%A8%8B/&title=[脚本小子]常用工具使用教程" target="_blank" rel="noopener"><i class="fab fa-get-pocket fa-lg" aria-hidden="true"></i></a></li>
  <li><a class="icon" href="http://reddit.com/submit?url=https://github.com/TonyD0g/2022/02/23/%E8%84%9A%E6%9C%AC%E5%B0%8F%E5%AD%90%E5%B8%B8%E7%94%A8%E5%B7%A5%E5%85%B7%E4%BD%BF%E7%94%A8%E6%95%99%E7%A8%8B/&title=[脚本小子]常用工具使用教程" target="_blank" rel="noopener"><i class="fab fa-reddit fa-lg" aria-hidden="true"></i></a></li>
  <li><a class="icon" href="http://www.stumbleupon.com/submit?url=https://github.com/TonyD0g/2022/02/23/%E8%84%9A%E6%9C%AC%E5%B0%8F%E5%AD%90%E5%B8%B8%E7%94%A8%E5%B7%A5%E5%85%B7%E4%BD%BF%E7%94%A8%E6%95%99%E7%A8%8B/&title=[脚本小子]常用工具使用教程" target="_blank" rel="noopener"><i class="fab fa-stumbleupon fa-lg" aria-hidden="true"></i></a></li>
  <li><a class="icon" href="http://digg.com/submit?url=https://github.com/TonyD0g/2022/02/23/%E8%84%9A%E6%9C%AC%E5%B0%8F%E5%AD%90%E5%B8%B8%E7%94%A8%E5%B7%A5%E5%85%B7%E4%BD%BF%E7%94%A8%E6%95%99%E7%A8%8B/&title=[脚本小子]常用工具使用教程" target="_blank" rel="noopener"><i class="fab fa-digg fa-lg" aria-hidden="true"></i></a></li>
  <li><a class="icon" href="http://www.tumblr.com/share/link?url=https://github.com/TonyD0g/2022/02/23/%E8%84%9A%E6%9C%AC%E5%B0%8F%E5%AD%90%E5%B8%B8%E7%94%A8%E5%B7%A5%E5%85%B7%E4%BD%BF%E7%94%A8%E6%95%99%E7%A8%8B/&name=[脚本小子]常用工具使用教程&description=" target="_blank" rel="noopener"><i class="fab fa-tumblr fa-lg" aria-hidden="true"></i></a></li>
  <li><a class="icon" href="https://news.ycombinator.com/submitlink?u=https://github.com/TonyD0g/2022/02/23/%E8%84%9A%E6%9C%AC%E5%B0%8F%E5%AD%90%E5%B8%B8%E7%94%A8%E5%B7%A5%E5%85%B7%E4%BD%BF%E7%94%A8%E6%95%99%E7%A8%8B/&t=[脚本小子]常用工具使用教程" target="_blank" rel="noopener"><i class="fab fa-hacker-news fa-lg" aria-hidden="true"></i></a></li>
</ul>

    </div>

    <div id="actions-footer">
        <a id="menu" class="icon" href="#" onclick="$('#nav-footer').toggle();return false;"><i class="fas fa-bars fa-lg" aria-hidden="true"></i> 菜单</a>
        <a id="toc" class="icon" href="#" onclick="$('#toc-footer').toggle();return false;"><i class="fas fa-list fa-lg" aria-hidden="true"></i> 目录</a>
        <a id="share" class="icon" href="#" onclick="$('#share-footer').toggle();return false;"><i class="fas fa-share-alt fa-lg" aria-hidden="true"></i> 分享</a>
        <a id="top" style="display:none" class="icon" href="#" onclick="$('html, body').animate({ scrollTop: 0 }, 'fast');"><i class="fas fa-chevron-up fa-lg" aria-hidden="true"></i> 返回顶部</a>
    </div>

  </div>
</div>

        
        <footer id="footer">
  <div class="footer-left">
    Copyright &copy;
    
    
    2016-2023
    TonyD0g
  </div>
  <div class="footer-right">
    <nav>
      <ul>
         
          <li><a href="/">首页</a></li>
         
          <li><a href="/about/">关于</a></li>
         
          <li><a href="/tags/">标签</a></li>
         
          <li><a href="/friends/">friends</a></li>
         
          <li><a href="/archives/">归档</a></li>
         
          <li><a href="https://github.com/TonyD0g">项目</a></li>
         
          <li><a href="/search/">搜索</a></li>
        
      </ul>
    </nav>
  </div>
</footer>

    </div>
    <!-- styles -->

<link rel="stylesheet" href="/lib/font-awesome/css/all.min.css">


<link rel="stylesheet" href="/lib/justified-gallery/css/justifiedGallery.min.css">


    <!-- jquery -->

<script src="/lib/jquery/jquery.min.js"></script>


<script src="/lib/justified-gallery/js/jquery.justifiedGallery.min.js"></script>

<!-- clipboard -->

  
<script src="/lib/clipboard/clipboard.min.js"></script>

  <script type="text/javascript">
  $(function() {
    // copy-btn HTML
    var btn = "<span class=\"btn-copy tooltipped tooltipped-sw\" aria-label=\"复制到粘贴板!\">";
    btn += '<i class="far fa-clone"></i>';
    btn += '</span>'; 
    // mount it!
    $(".highlight table").before(btn);
    var clip = new ClipboardJS('.btn-copy', {
      text: function(trigger) {
        return Array.from(trigger.nextElementSibling.querySelectorAll('.code')).reduce((str,it)=>str+it.innerText+'\n','')
      }
    });
    clip.on('success', function(e) {
      e.trigger.setAttribute('aria-label', "复制成功!");
      e.clearSelection();
    })
  })
  </script>


<script src="/js/main.js"></script>

<!-- search -->

<!-- Google Analytics -->

    <script type="text/javascript">
        (function(i,s,o,g,r,a,m) {i['GoogleAnalyticsObject']=r;i[r]=i[r]||function() {
        (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
        m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
        })(window,document,'script','//www.google-analytics.com/analytics.js','ga');
        ga('create', 'UA-84578611-1', 'auto');
        ga('send', 'pageview');
    </script>

<!-- Baidu Analytics -->

    <script type="text/javascript">
        var _hmt = _hmt || [];
        (function() {
            var hm = document.createElement("script");
            hm.src = "https://hm.baidu.com/hm.js?2e6da3c375c789455b664cea6d4cb29c";
            var s = document.getElementsByTagName("script")[0];
            s.parentNode.insertBefore(hm, s);
        })();
    </script>

<!-- Disqus Comments -->


</body>
</html>
